
[Vulnerability notice] CVE-2017-11610: Remote command execution vulnerability in Supervisord

Last Updated: Apr 02, 2018

Supervisord is a Python-based tool that provides a graphical user interface (GUI) for managing backend applications (services).

Recently, an authenticated remote command execution vulnerability (CVE-2017-11610) was found in Supervisord. Attackers can send crafted data in a POST request to the Supervisord management interface and gain control of the server, posing a serious security risk.

See the following for more information about the vulnerability.

CVE identifier: CVE-2017-11610

Vulnerability name: Supervisord remote command execution vulnerability

Vulnerability rating: High

Vulnerability description: Attackers can send crafted data in a POST request to the Supervisord management interface and gain control of the server.

Condition and method of exploitation

  • Conditions for exploitation:

    • Supervisord version is 3.1.2 or 3.3.2.
    • Management port 9001 of Supervisord is reachable from the Internet.
    • Supervisord has no password configured or uses a weak password.
  • Method of exploitation: remote exploitation over the network.

Affected scope

  • Supervisord version 3.1.2
  • Supervisord version 3.3.2

Vulnerability detection

Check whether any affected version of Supervisord is used.

How to fix or mitigate

Follow these steps to fix the vulnerability:

  1. If Supervisord is not needed, we recommend that you stop and uninstall it. In addition, check the server for abnormal processes or accounts to make sure it is running normally.

  2. If Supervisord is needed, uninstall it and reinstall version 3.3.3. Create a snapshot or data backup before uninstalling.

  3. This vulnerability is exploited remotely through management port 9001 of Supervisord. Configure an ECS security group policy to block port 9001 in both the inbound and outbound directions for Internet and intranet traffic.

  4. Configure a strong password for RPC logon on Supervisord. We recommend a password of more than 8 characters, including upper-case or lower-case letters, numbers, and special characters.
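As an added defender-side example (not part of this notice or of the Supervisor project), the following Python script applies the checks above to a supervisord.conf: an affected version, a management listener bound to all interfaces, and missing or weak RPC credentials. The two sample configurations are constructed inline; the version string is assumed to come from running supervisord with its version option, and hashed passwords (prefixed with {SHA}) are assumed unassessable and skipped.

```python
import configparser
import re

# Versions this notice lists as affected; 3.3.3 is the fixed release.
AFFECTED_VERSIONS = {"3.1.2", "3.3.2"}


def password_is_strong(pw):
    """Step 4 of the notice, read strictly: more than 8 characters and
    at least one upper-case letter, lower-case letter, digit and special."""
    checks = [len(pw) > 8,
              re.search(r"[A-Z]", pw), re.search(r"[a-z]", pw),
              re.search(r"[0-9]", pw), re.search(r"[^A-Za-z0-9]", pw)]
    return all(checks)


def audit_supervisord(config_text, version):
    """Return a list of findings for a supervisord.conf body and a version string."""
    findings = []
    if version.strip() in AFFECTED_VERSIONS:
        findings.append(f"version {version.strip()} is affected; upgrade to 3.3.3")
    # interpolation=None keeps %(here)s-style values from raising; ';' starts inline comments
    cfg = configparser.ConfigParser(interpolation=None, inline_comment_prefixes=(";",))
    cfg.read_string(config_text)
    if not cfg.has_section("inet_http_server"):
        return findings  # no TCP listener, so the remote vector does not apply
    sec = cfg["inet_http_server"]
    port = sec.get("port", "")
    host = port.rpartition(":")[0]  # "*:9001" -> "*", "9001" -> ""
    if host in ("", "*", "0.0.0.0"):
        findings.append(f"inet_http_server listens on all interfaces ({port}); restrict it or block port 9001")
    if not sec.get("username") or not sec.get("password"):
        findings.append("inet_http_server has no username/password configured")
    elif not sec["password"].startswith("{SHA}") and not password_is_strong(sec["password"]):
        findings.append("inet_http_server password does not meet the strength recommendation")
    return findings


# Constructed sample: the exposed, unauthenticated setup the notice describes.
WEAK_CONF = """
[inet_http_server]
port = *:9001   ; reachable from every interface
"""

# Constructed sample: loopback-only listener with credentials that pass the check.
HARDENED_CONF = """
[inet_http_server]
port = 127.0.0.1:9001
username = admin
password = Str0ng!Pass#2018
"""

if __name__ == "__main__":
    for name, conf, ver in (("weak", WEAK_CONF, "3.3.2"), ("hardened", HARDENED_CONF, "3.3.3")):
        print(name, audit_supervisord(conf, ver) or ["no findings"])
```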

Reference

[1] https://www.leavesongs.com/PENETRATION/supervisord-RCE-CVE-2017-11610.html
